Project

General

Profile

1 1386 Luisehahne
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         users
6 1529 Luisehahne
 * @author          Ryan Djurovich, WebsiteBaker Project
7 1386 Luisehahne
 * @copyright       2009-2011, Website Baker Org. e.V.
8
 * @link			http://www.websitebaker2.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id$
13
 * @filesource		$HeadURL$
14
 * @lastmodified    $Date$
15
 *
16
*/
17
18
 // Include config file and admin class file
19
require('../../config.php');
20
require_once(WB_PATH.'/framework/class.admin.php');
21
22 1475 Luisehahne
$action = 'cancel';
23
// Set parameter 'action' as alternative to javascript mechanism
24
$action = (isset($_POST['modify']) ? 'modify' : $action );
25
$action = (isset($_POST['delete']) ? 'delete' : $action );
26 1386 Luisehahne
27 1475 Luisehahne
switch ($action):
28
	case 'modify' :
29
			// Print header
30
			$admin = new admin('Access', 'users_modify');
31
			$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
32
			// Check if user id is a valid number and doesnt equal 1
33 1492 Luisehahne
			if($user_id == 0){
34
			$admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] );
35
            }
36 1475 Luisehahne
			if( ($user_id < 2 ) )
37
			{
38
				// if($admin_header) { $admin->print_header(); }
39
				$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
40
			}
41
			// Get existing values
42 1492 Luisehahne
			$results = $database->query("SELECT * FROM `".TABLE_PREFIX."users` WHERE `user_id` = '".$user_id."'");
43 1475 Luisehahne
			$user = $results->fetchRow();
44 1386 Luisehahne
45 1529 Luisehahne
			// Setup template object, parse vars to it, then parse it
46
			// Create new template object
47 1625 Luisehahne
			$template = new Template(dirname($admin->correct_theme_source('users_form.htt')));
48 1529 Luisehahne
			// $template->debug = true;
49 1475 Luisehahne
			$template->set_file('page', 'users_form.htt');
50
			$template->set_block('page', 'main_block', 'main');
51
			$template->set_var(	array(
52
								'ACTION_URL' => ADMIN_URL.'/users/save.php',
53
								'SUBMIT_TITLE' => $TEXT['SAVE'],
54
								'USER_ID' => $user['user_id'],
55
								'USERNAME' => $user['username'],
56
								'DISPLAY_NAME' => $user['display_name'],
57
								'EMAIL' => $user['email'],
58
								'ADMIN_URL' => ADMIN_URL,
59
								'WB_URL' => WB_URL,
60
								'THEME_URL' => THEME_URL
61
								)
62
						);
63 1386 Luisehahne
64 1475 Luisehahne
			$template->set_var('FTAN', $admin->getFTAN());
65
			if($user['active'] == 1) {
66
				$template->set_var('ACTIVE_CHECKED', ' checked="checked"');
67 1386 Luisehahne
			} else {
68 1475 Luisehahne
				$template->set_var('DISABLED_CHECKED', ' checked="checked"');
69
			}
70
			// Add groups to list
71
			$template->set_block('main_block', 'group_list_block', 'group_list');
72
			$results = $database->query("SELECT group_id, name FROM ".TABLE_PREFIX."groups WHERE group_id != '1' ORDER BY name");
73
			if($results->numRows() > 0) {
74
				$template->set_var('ID', '');
75
				$template->set_var('NAME', $TEXT['PLEASE_SELECT'].'...');
76 1386 Luisehahne
				$template->set_var('SELECTED', '');
77 1475 Luisehahne
				$template->parse('group_list', 'group_list_block', true);
78
				while($group = $results->fetchRow()) {
79
					$template->set_var('ID', $group['group_id']);
80
					$template->set_var('NAME', $group['name']);
81
					if(in_array($group['group_id'], explode(",",$user['groups_id']))) {
82
						$template->set_var('SELECTED', ' selected="selected"');
83
					} else {
84
						$template->set_var('SELECTED', '');
85
					}
86
					$template->parse('group_list', 'group_list_block', true);
87
				}
88 1386 Luisehahne
			}
89
90 1475 Luisehahne
			// Only allow the user to add a user to the Administrators group if they belong to it
91
			if(in_array(1, $admin->get_groups_id()))
92
		    {
93
				$template->set_var('ID', '1');
94
				$users_groups = $admin->get_groups_name();
95
				$template->set_var('NAME', $users_groups[1]);
96 1386 Luisehahne
97 1475 Luisehahne
				$in_group = FALSE;
98
				foreach($admin->get_groups_id() as $cur_gid){
99
				    if (in_array($cur_gid, explode(",", $user['groups_id']))) {
100
				        $in_group = TRUE;
101
				    }
102
				}
103 1386 Luisehahne
104 1475 Luisehahne
				if($in_group) {
105
					$template->set_var('SELECTED', ' selected="selected"');
106
				} else {
107
					$template->set_var('SELECTED', '');
108
				}
109
				$template->parse('group_list', 'group_list_block', true);
110
			} else {
111
				if($results->numRows() == 0) {
112
					$template->set_var('ID', '');
113
					$template->set_var('NAME', $TEXT['NONE_FOUND']);
114
					$template->set_var('SELECTED', ' selected="selected"');
115
					$template->parse('group_list', 'group_list_block', true);
116
				}
117
			}
118 1386 Luisehahne
119 1475 Luisehahne
			// Generate username field name
120
			$username_fieldname = 'username_';
121
			$salt = "abchefghjkmnpqrstuvwxyz0123456789";
122
			srand((double)microtime()*1000000);
123
			$i = 0;
124
			while ($i <= 7) {
125
				$num = rand() % 33;
126
				$tmp = substr($salt, $num, 1);
127
				$username_fieldname = $username_fieldname . $tmp;
128
				$i++;
129
			}
130 1386 Luisehahne
131 1475 Luisehahne
			// Work-out if home folder should be shown
132
			if(!HOME_FOLDERS) {
133
				$template->set_var('DISPLAY_HOME_FOLDERS', 'display:none;');
134
			}
135
136
			// Include the WB functions file
137
			require_once(WB_PATH.'/framework/functions.php');
138
139
			// Add media folders to home folder list
140
			$template->set_block('main_block', 'folder_list_block', 'folder_list');
141
			foreach(directory_list(WB_PATH.MEDIA_DIRECTORY) AS $name)
142
		    {
143
				$template->set_var('NAME', str_replace(WB_PATH, '', $name));
144
				$template->set_var('FOLDER', str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name));
145
				if($user['home_folder'] == str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name)) {
146
					$template->set_var('SELECTED', ' selected="selected"');
147
				} else {
148
					$template->set_var('SELECTED', ' ');
149
				}
150
				$template->parse('folder_list', 'folder_list_block', true);
151
			}
152
153
			// Insert language text and messages
154
			$template->set_var(array(
155
								'TEXT_RESET' => $TEXT['RESET'],
156 1492 Luisehahne
								'TEXT_CANCEL' => $TEXT['CANCEL'],
157 1475 Luisehahne
								'TEXT_ACTIVE' => $TEXT['ACTIVE'],
158
								'TEXT_DISABLED' => $TEXT['DISABLED'],
159
								'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'],
160
								'TEXT_USERNAME' => $TEXT['USERNAME'],
161
								'TEXT_PASSWORD' => $TEXT['PASSWORD'],
162
								'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'],
163
								'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'],
164
								'TEXT_EMAIL' => $TEXT['EMAIL'],
165
								'TEXT_GROUP' => $TEXT['GROUP'],
166
								'TEXT_NONE' => $TEXT['NONE'],
167
								'TEXT_HOME_FOLDER' => $TEXT['HOME_FOLDER'],
168
								'USERNAME_FIELDNAME' => $username_fieldname,
169
								'CHANGING_PASSWORD' => $MESSAGE['USERS']['CHANGING_PASSWORD'],
170
								'HEADING_MODIFY_USER' => $HEADING['MODIFY_USER']
171
								)
172
						);
173
174
			// Parse template object
175
			$template->parse('main', 'main_block', false);
176
			$template->pparse('output', 'page');
177 1492 Luisehahne
			// Print admin footer
178
			$admin->print_footer();
179 1475 Luisehahne
			break;
180
		case 'delete' :
181
			// Print header
182
			$admin = new admin('Access', 'users_delete');
183
			$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
184
			// Check if user id is a valid number and doesnt equal 1
185 1492 Luisehahne
			if($user_id == 0){
186
			$admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] );
187
            }
188 1475 Luisehahne
			if( ($user_id < 2 ) )
189
			{
190
				// if($admin_header) { $admin->print_header(); }
191
				$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
192
			}
193 1492 Luisehahne
			$sql  = 'SELECT `active` FROM `'.TABLE_PREFIX.'users` ';
194
            $sql .= 'WHERE `user_id` = '.$user_id.'';
195
            if( ($iDeleteUser = $database->get_one($sql)) == 1 ) {
196
				// Delete the user
197
				$database->query("UPDATE `".TABLE_PREFIX."users` SET `active` = 0 WHERE `user_id` = '".$user_id."' ");
198
            } else {
199
				$database->query("DELETE FROM `".TABLE_PREFIX."users` WHERE `user_id` = ".$user_id);
200
            }
201
202 1475 Luisehahne
			if($database->is_error()) {
203
				$admin->print_error($database->get_error());
204
			} else {
205 1492 Luisehahne
				$admin->print_success($MESSAGE['USERS_DELETED']);
206 1475 Luisehahne
			}
207 1492 Luisehahne
			// Print admin footer
208
			$admin->print_footer();
209 1475 Luisehahne
			break;
210
	default:
211
			break;
212
endswitch;